eduroamhttps://www.eduroam.org
World Wide Education Roaming for Research & EducationFri, 16 Feb 2018 17:22:12 +0000en-GBhourly1https://wordpress.org/?v=4.9.4GRENA boosts eduroam visibility in Georgia at UNESCO-supported anniversary eventhttps://www.eduroam.org/2018/02/16/grena-boosts-eduroam-visibility-in-georgia-at-unesco-supported-anniversary-event/
Fri, 16 Feb 2018 13:49:53 +0000https://www.eduroam.org/?p=945Read More...]]>GRENA, the Georgian Research and Educational Networking Association, provided the eduroam roaming service to guests celebrating the 100th anniversary of Ivane Javakhishvili Tbilisi State University (TSU) on 8 February 2018. More than 130 guests from Georgia and other countries used eduroam during the UNESCO-supported event, which marked the centenary of the first national university in the Caucasus.

TSU opened in 1918 on 8 February (26 January in the old calendar) and laid the foundation for a European-type higher education in Georgia, based on Georgian educational traditions. Now the major educational and research institution in Georgia, TSU has around 600 foreign students alongside the 22 thousand Georgian students who undertake their studies there.

]]>eduroam continues to grow in 2017https://www.eduroam.org/2017/11/05/2016-a-record-breaking-year-for-eduroam/
Sun, 05 Nov 2017 10:43:37 +0000https://www.eduroam.org/?p=746Read More...]]>The latest statistics for the eduroam service show yet more growth in 2017 with a 18% increase in international authentications and a 21% increase in national authentications. 85 countries now take part in eduroam around the world with Tajikistan being the latest country to join the eduroam family.

In total, the eduroam AuthN system recorded over 3.6 billion national authentications (where users from another institution in the same country authenticate their WiFi access via eduroam) and more than 834 million international authentications.

Providing free and secure WiFi access at any participating location to millions of students, researchers, and academic staff around the world, eduroam is continuing to go from strength-to-strength.

]]>Key Reinstallation Attack and WPA2https://www.eduroam.org/2017/10/18/key-reinstallation-attack-and-wpa2/
Tue, 17 Oct 2017 22:20:51 +0000https://www.eduroam.org/?p=903Read More...]]>Recently, the news of the Key Reinstallation Attack (KRACK) vulnerability allowing the decryption of WPA2 messages being the key exploit was announced. This may open up additional vulnerabilities toward a wireless client and the security and integrity of their browsing traffic.

KRACK is an attack against Wi-Fi infrastructure and clients, rather than against a specific wireless network. This means that eduroam is no more or less affected than any other Wi-Fi network, and there is nothing you need to specifically do for eduroam that you wouldn’t already need to do for any other Wi-Fi network.

While there are no reports of this being actively exploited, the upside is that this is not a remote attack so, it can only happen within proximity of vulnerable access points and clients. This is not a service affecting issue and eduroam authentication infrastructure will continue to function normally and your login credentials (username/password or certificate) continue to be securely transmitted.

It is recommended that technicians responsible for wireless networks closely monitor the availability of software updates for your vendor and patch as soon as possible. An intermediate solution is to disable 802.11r (aka Fast Roaming) until an update is available.Update your phone, tablet and laptop as soon as patches are made available from your manufacturer to protect yourself from this vulnerability which can occur on all WPA2 networks (including your home, café, airport and other enterprise wireless networks).

Legacy WPA & TKIP networks continue to be deprecated for a multitude of reasons and you shouldn’t re-enable this as it isn’t a solution to this problem and will cause issues. The best practice is currently (and remains) WPA2 + AES-CCMP.

Additional information on this vulnerability can be found at SANS and Mojo Networks. Thanks to SURFnet, AARNet and TENET for information used in creating this advisory.

]]>
Everything you wanted to know about eduroam but were afraid to askhttps://www.eduroam.org/2016/07/26/everything-you-wanted-to-know-about-eduroam-but-were-afraid-to-ask/
Tue, 26 Jul 2016 14:57:51 +0000https://www.eduroam.org/?p=697Read More...]]>With billions of authentications every year in thousands of locations across 78 countries you might think that eduroam is an immensely complicated system and something like “Black Magic”.

How after-all does the station WiFi hotspot in Geneva know about your account from a Spanish university and log you on in the blink of an eye without you having to remember usernames, passwords or indeed do anything?

Well behind the scenes there is quite a lot of very clever technology working away to make lives simple for the millions of students, staff and researchers who use eduroam everyday and one of the beauties of this technology is that it is (usually) invisible. As Arthur C Clarke once famously said

Any sufficiently advanced technology is indistinguishable from magic.

And for most people “magic” is all we need to know. But for those who really do want to know how this magical world of eduroam works then read on…

The team at eduroam have developed a wiki that can tell you how eduroam works so now you can find out what really lies behind the curtain of the little eduroam symbol on your phone. Happy reading (and don’t say I didn’t warn you)!

]]>Getting ready for summer? Don’t forget to pack eduroamhttps://www.eduroam.org/2016/07/13/getting-ready-for-summer-dont-forget-to-pack-eduroam/
Wed, 13 Jul 2016 10:07:47 +0000https://www.eduroam.org/?p=692Read More...]]>With term ending and the long summer vacation just beginning probably the last thing on your mind is access to the university WiFi but eduroam can help you stay connected wherever you’re traveling. With eduroam access on phones and tablets you’ll be able to take advantage of tens of thousands of hotspots in over 70 countries giving you high speed internet access without using up your phone’s data allowance.

]]>eduroam welcomes three new members to the familyhttps://www.eduroam.org/2016/06/09/eduroam-welcomes-three-new-members-to-the-family/
Thu, 09 Jun 2016 12:21:02 +0000https://www.eduroam.org/?p=672Read More...]]>This week eduroam welcomes Georgia, The Ukraine and Uruguay to the family of eduroam operators.

Now researchers from around the world can use their eduroam credentials to access the internet from locations across these countries and their users will be able to access eduroam across the globe.

As National Research and Education Networks join eduroam, everyone benefits and the value of eduroam increases.

]]>1 billion authentications for eduroam!https://www.eduroam.org/2016/05/18/1-billion-authentications-for-eduroam/
Wed, 18 May 2016 08:32:52 +0000https://www.eduroam.org/?p=493Read More...]]>Our daughter is 2 years old, so the days of teenage rebellion, boyfriends and empty nest are still (I hope) a long way away. However, when I heard about 1 billion eduroam authentications this week, it did feel a bit like I turned my head for a moment and all of a sudden my baby had turned into an adult.

Staying with the metaphor, I do vividly remember the birth process. From my half-finished idea that we tried out with Twente University and later Amsterdam Polytechnic, and that was frankly as much aimed at making our own life easier than that there was any grand vision, to the first international roaming with the University of Southampton. And after successfully demonstrating eduroam at the TNC in Zagreb, the growing pains… Croatia, Portugal, Spain, Norway, Denmark and many more countries joining, leading to heated debates about things like eligibility, security and the eduroam brand in the TERENA (now GÉANT) Mobility Task Force.

And then puberty hit. The GÉANT2 project was in dire need of middleware projects the European R&E community could get behind. Foolishly enough I wrote a short paragraph proposing both a pan-European authentication and authorisation infrastructure that would link the existing identity federations and a roaming service. Frankly, I have cursed that thought at times over the following years. All of a sudden the free spirit that was the eduroam community was reigned in, and we had to grow up. The operative words became operational excellence, policy frameworks, monitoring and performance metrics. And even though important activities like those in the IETF on standardising RadSec took place, eduroam led too often the life of a sulky teenager hiding in her room instead of showing the world what had become of her. Eventually, though she came out of that stronger and more powerful than ever.

In the meanwhile, the rest of the world, led by Australia, Japan, Canada and later the US, started eduroam activities of their own. And before we knew it South-American, African and Asian countries were following suit. Today 76 countries in every continent bar Antarctica participate in eduroam and over 1 billion authentications have been performed. Even though eduroam is yet to hit 18, my baby certainly grew up to become a very sweet 16!

To quote Bob Dylan:

“May your song always be sung / May you stay forever young!”

Klaas Wierenga

]]>One billion eduroam authentications!https://www.eduroam.org/2016/05/18/one-billion-eduroam-authentications/
Wed, 18 May 2016 08:31:06 +0000https://www.eduroam.org/?p=491Read More...]]>What a nice surprise today: our F-Ticks system today reports that the one billionth eduroam authentication has just taken place. Having been with eduroam R&D since it’s early days, I can say that we’ve come a long way. I still recall the days when a conference with a few hundred participants caused anxiety and clearly visible spikes in the international authentication stats, because the overall user base was only a few thousand people. Today, any given conference, no matter how big, isn’t even noticeable. Congratulations to all those people around the planet that continue to make eduroam such a success!

The journey from a “Wow! It actually works!” to a service spanning over 70 countries, ten thousands of hotspots and millions of users which expect an excellent quality of service for a technology which is essential for their everyday lives taught me many lessons. Like that things done manually don’t scale: the mere existence of the F-Ticks system (originally thought to be the “federated authentication ticker”) is owed to the fact that manually searching through log files for stats just doesn’t work very well at scale. Another example is the eduroam Configuration Assistant Tool (CAT) (no idea what I’m talking about? – quit living under a rock and look here: https://cat.eduroam.org ): while configuring eduroam was okay to be done manually by “the eduroam guy” in the office for his five IT colleagues, it’s much less okay if that guy now has a queue of thousands of students in front of him.

Our journey certainly isn’t over: we still have many areas where we can improve. Like in fault reporting and fault-finding: telling a user with problems to phone home – only to possibly be told that he needs to walk up to a local help desk at a roaming place instead – isn’t exactly the greatest customer service. We are currently working on improving this, with an online expert system which tries its best to find out where and what the problem exactly is, putting you in touch with the people who can actually help you, as automated and real-time as possible. Or like compliance checks: we don’t really know much about the end user’s experience at the hotspot, and his local problems there which do not show up in any roaming log – does he get an IP address from DHCP, does the hotspot open all required ports so that users can get to do their work, does the hotspot maybe have woefully outdated Wi-Fi setups (WPA/TKIP-only, burn you must!)? We are working on getting closer to the user with our diagnostics. Ideally, when a user reports a problem at a given hotspot, I’d like to be able to tell him: we are with you – logging in in real-time at exactly the spot you are at, finding out
about possible problems in real-time.

Last but not least, we should work on expanding our footprint further: there are certainly many small institutions out there for whom running an own RADIUS server in order to become an eduroam Identity or Service Provider is a too daunting task. Activating those would be an extra kick to our installed base and would yield even more happy users than we have right now. And with that, I’m sure there will be continuous growth for eduroam towards even more mind-blowing numbers than the billion we saw today. Like what people say about money: the first billion is always the hardest!

Stefan Winter

]]>eduroam: From an idea to a global servicehttps://www.eduroam.org/2016/05/17/eduroam-from-an-idea-to-a-global-service/
Tue, 17 May 2016 10:28:05 +0000https://www.eduroam.org/?p=459Read More...]]>eduroam: from an Idea to a Global Service

How did it start?

Over 10 years ago, back in 2002 experts involved in the TERENA (now GÉANT) Task Force Mobility recognised the needs of the research and education community: students, teachers and researchers were getting increasingly mobile, and more dependent on technology and the Internet to collaborate and communicate. Thus the group started to design a roaming service, primarily for WI-FI users that would allow them to use the same credentials and WI-FI setup on their devices to authenticate and access the network regardless of the location, enabling the same Internet services as at their home organisation.

Initial requirements for such a roaming service were:

identify users uniquely at the edge of the network

enable guest usage

scalable service

local (home organisation) user administration and authentication

easy to install and use

at the most one-time installation by the user

open (not restricted to particular SW or HW vendor; using known standards)

After investigation of several different technologies and architectures (captive portals being one of them) one solution based on the use of 802.1x standards, RADIUS and EAP authentication was selected and named educational roaming – eduroam.

As usual, it all started with a simple e-mail proposal (https://www.terena.org/activities/tf-mobility/start-of-eduroam.pdf) sent by Klaas Wierenga of SURFnet (the Dutch NREN) to the group. The first eduroam cross-border infrastructure pilot along with SURFnet, included the University of Southampton in the UK, FCCN (the Portuguese NREN) and Srce, University Computing Centre, University of Zagreb in Croatia. The pilot was then joined by DFN (the German NREN), FUNET from Finland and other European countries in the following years.

Now we have a service!

Through the series of GÉANT projects (starting with GÉANT2) the eduroam architecture has been validated and perfected both in technical and organisational terms. Finally, under the motto “Open your laptop and be online” on September 1, 2008 the European eduroam service was launched
as secure, consistent and uniform network access service inside the boundaries of the European eduroam confederation. At that time eduroam was already a global service provided in North
America, Australia and Asia (Japan in particular).

With eduroam without the need to register for guest accounts or remember extra passwords, users can simply open their laptops or activate their mobile devices, and eduroam automatically
authenticates them with their home institution and handles authorisation via the institution they are visiting. This not only benefits researchers, teachers and students, but reduces the support burden for institutions themselves, making it simple to provide access for all users (home and visiting) without adding to their administrative workload.

The fast uptake of the service in the coming years proved its’ potential. In 2012, 10 years after the initial proposal the service was offered at over 5,000 service locations in 43 European countries, and over 50 countries worldwide. The eduroam service was ranked as the 27th most widely used SSID (http://www.wigle.net/gps/gps/main/ssidstats).

Since the very beginning eduroam has been recognised as a highly distributed service. This fact emphasises the importance of supporting services such as documentation, configuration tools for end users, diagnostic, monitoring and metering tools.

Over time several supporting services were launched, starting with the www.eduroam.org website containing all the documentation both for end users and service administrators. Today they are all accessible via http://monitor.eduroam.org.

Finally the eduroam CAT (Configuration Assistance Tool) – an ultimate tool for end users has been launched (http://cat.eduroam.org). This tools makes the task of configuring your device for the eduroam service as easy as few clicks on your browser.

Going global

Soon after the official launch of eduroam in Europe, it became clear it could really become a global service so, under the auspices of TERENA (now GÉANT), the Global eduroam Governance Committee (GeGC) was established with the role of governing the global eduroam service.

Today eduroam is available on all continents in over 70 countries, at over 17,000 locations, still growing fast both in coverage and usage.

After being accepted by the research and education community as the de-facto standard for WI-FI and wired authenticated network access for campuses eduroam has gone beyond the campus border. Today it is offered as a service to the research and education community by local municipalities (for example Luxembourg, Vienna, Zagreb) and also in libraries, hospitals, and even on public transport.

It is also worthwhile mentioning that eduroam has been recognised by industry and society as a whole.

eduroam is now influencing vendors and standards bodies but also serves as an example to other sectors. We witness the birth of the govroam initiative aiming to build this service for government and local municipality environment based on eduroam technology.

More to come

This summer from July 12th 5,000 students from 45 European countries and 250 different universities will compete in 21 different sports as part of the European University Games (EUG 2016) hosted by the cities of Zagreb and Rijeka, Croatia. The organisers have decided to offer eduroam as the network access service for their competitors and guests!

New website for the eduroam community

Today eduroam unveils a new website to help support the growing eduroam community around the world.

This new site offers user, institutions and NRENs access to the latest news about eduroam and, in recognition of the impact of phone and tablet access, offers a fully responsive web design to support all access types.

Over time this site will grow to provide even more news and information about eduroam and how it has helped develop a global village for Research and Education.